Skip to content

Instantly share code, notes, and snippets.

@abhimskywalker

abhimskywalker/StackFile.ts

Created January 10, 2024 16:26
Show Gist options
  • Star 1 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save abhimskywalker/f78a353a18c8246f9c0b20c110903a45 to your computer and use it in GitHub Desktop.
Save abhimskywalker/f78a353a18c8246f9c0b20c110903a45 to your computer and use it in GitHub Desktop.
Download ZIP
Python equivalent of `import { Config } from "sst/node/config";` in `sst`
Raw
handler.py
import boto3
import os
SST_APP = os.getenv("SST_APP")
SST_STAGE = os.getenv("SST_STAGE")
ssm = boto3.client("ssm")
def get_secret(name):
parameter = ssm.get_parameter(
Name=f"/sst/{SST_APP}/{SST_STAGE}/Secret/{name}/value", WithDecryption=True
)
return parameter["Parameter"]["Value"]
def main():
DATABASE_URL = get_secret("DATABASE_URL")
# do stuff
Raw
StackFile.ts
const DATABASE_URL = new Config.Secret(stack, "DATABASE_URL");
const mySecretAccessingFunc new Function(stack, "MySecretAccessingFunc", {
runtime: "container", // could be "python3.11"
bind: [DATABASE_URL], // This does set lambda env var "SST_Secret_value_DATABASE_URL": "__FETCH_FROM_SSM__", but dunno how to use it in python 🤷‍♂️🥲
handler: "src/lambda",
container: {
cmd: ["handler.main"]
},
initialPolicy: [
// For lambda to be able to access secrets.
new iam.PolicyStatement({
effect: iam.Effect.ALLOW,
resources: [
`arn:aws:ssm:*:*:parameter/sst/${app.name}/${stack.stage}/Secret/*`,
],
actions: ["ssm:GetParameter"],
}),
],
});
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment